I have read that you should use SSL not just when the user is logged in, but for the entire time the user is logged in. It read, “Many web sites log in via SSL and redirect back to HTTP after you’re logged in, which is absolutely the wrong thing to do.” I think they’re talking about session hijacking.
Ref. http://blogs.msdn.com/b/rickandy/archive/2011/05/02/securing-your-asp-net-mvc-3-application.aspx
Is this correct? If so, why doesn’t Stack Exchange have me in SSL right now?
You should use SSL every time you send sensitive information over a network, like passwords, credit card information, your bank account, …
Not always; however, it is pretty easy these days to steal someone’s session cookie over an unencrypted wireless network. If someone steals my cookie and posts nonsense on Stack Overflow, it’s probably not going to impact my life. Facebook and Twitter (spying governments) can be a different story.
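The risk discussed above is a session cookie issued after an SSL login later travelling over plain HTTP, where it can be read off the network. As an added example (not part of the original posts), this Python check audits a response's headers for the two settings that keep the cookie on HTTPS: the `Secure` cookie attribute and a `Strict-Transport-Security` header. The header values are constructed, and the cookie-name hints are an assumed heuristic; `.ASPXAUTH` is the default ASP.NET forms-authentication cookie name.

```python
# Assumption: substrings that mark a cookie as session/auth related.
SESSION_NAME_HINTS = ("sess", "auth", "sid", "token")

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs); attribute names lowercased."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def audit_response(scheme, headers):
    """Return sorted findings for one response.

    scheme is 'http' or 'https'; headers is a list of (name, value) tuples.
    """
    findings = []
    has_hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(v)
        if not any(hint in name.lower() for hint in SESSION_NAME_HINTS):
            continue  # not a session cookie by our heuristic
        if scheme != "https":
            findings.append(f"{name}: issued over plain HTTP")
        if "secure" not in attrs:
            findings.append(f"{name}: no Secure attribute, browser will also send it over HTTP")
    if scheme == "https" and not has_hsts:
        findings.append("response: no Strict-Transport-Security header")
    return sorted(findings)

# Constructed sample: login over HTTPS, but the cookie can leak after a redirect to HTTP.
WEAK_RESPONSE = [
    ("Set-Cookie", ".ASPXAUTH=abc123; path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; path=/"),
]
# Constructed sample: same cookie, restricted to HTTPS, with HSTS set.
HARDENED_RESPONSE = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", ".ASPXAUTH=abc123; path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response("https", resp))
```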